An Analysis of Assessment Approaches and Maturity Scales used for Evaluation of Information Security and Cybersecurity User Awareness and Training Programs: A Scoping Review

This study aimed to ascertain the types of approaches that are applied in the assessments of information security and cybersecurity user awareness and training programs. The study focused on achieving two objectives. The first objective focused on to find out what measurements are used in the assessment of the effectiveness of information security and cybersecurity user awareness and training programs. The second objective focused on studies that made use of maturity models to measure the progress of these programs. A Scoping Literature Review process was followed to achieve these objectives. The study found that there is a gap in current literature with regards to the assessment of these programs, as only five papers and two maturity models focused on the assessment of these programs. The study further recommends that more studies be conducted in the assessment of these programs, as most researchers are encouraging the use of the programs in the fight against cyber-attacks.